
    How to Estimate the Success Rate of Higher-Order Side-Channel Attacks

    The resistance of a cryptographic implementation with regards to side-channel analysis is often quantified by measuring the success rate of a given attack. This approach cannot always be followed in practice, especially when the implementation includes some countermeasures that may render the attack too costly for an evaluation purpose, but not costly enough from a security point of view. An evaluator then faces the issue of estimating the success rate of an attack he cannot mount. The present paper addresses this issue by presenting a methodology to estimate the success rate of higher-order side-channel attacks targeting implementations protected by masking. Specifically, we generalize the approach initially proposed at SAC 2008 in the context of first-order side-channel attacks. The principle is to approximate the distribution of an attack's score vector by a multivariate Gaussian distribution, whose parameters are derived by profiling the leakage. One can then accurately compute the expected attack success rate with respect to the number of leakage measurements. We apply this methodology to higher-order side-channel attacks based on the widely used correlation and likelihood distinguishers. Moreover, we validate our approach with simulations and practical attack experiments against masked AES implementations running on two different microcontrollers.

    Undermining User Privacy on Mobile Devices Using AI

    Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to the privacy of mobile phone users. This is because applications leave distinct footprints in the processor, which can be used by malware to infer user activities. In this work, we show that these inference attacks are considerably more practical when combined with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with Deep Learning methods including Convolutional Neural Networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zero-permission App in well under a minute. The App thereby detects running applications with an accuracy of 98% and reveals opened websites and streaming videos by monitoring the LLC for at most 6 seconds. This is possible, since Deep Learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics such as random line replacement policies. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to implement and execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users.

    Proposal for Implementing Device-Independent Quantum Key Distribution based on a Heralded Qubit Amplification

    In device-independent quantum key distribution (DIQKD), the violation of a Bell inequality is exploited to establish a shared key that is secure independently of the internal workings of the QKD devices. An experimental implementation of DIQKD, however, is still awaited, since hitherto all optical Bell tests are subject to the detection loophole, making the protocol unsecured. In particular, photon losses in the quantum channel represent a fundamental limitation for DIQKD. Here, we introduce a heralded qubit amplifier based on single-photon sources and linear optics that provides a realistic solution to overcome the problem of channel losses in Bell tests. Comment: 5 pages, 4 figures, 6-page appendix.

    Heisenberg-limited eavesdropping on the continuous-variable quantum cryptographic protocol with no basis switching is impossible

    The Gaussian quantum key distribution protocol based on coherent states and heterodyne detection [Phys. Rev. Lett. 93, 170504 (2004)] has the advantage that no active random basis switching is needed on the receiver's side. Its security is, however, not very satisfyingly understood today because the bounds on the secret key rate that have been derived from Heisenberg relations are not attained by any known scheme. Here, we address the problem of the optimal Gaussian individual attack against this protocol, and derive tight upper bounds on the information accessible to an eavesdropper. The optical scheme achieving this bound is also exhibited, which concludes the security analysis of this protocol. Comment: 10 pages, 6 figures.

    Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices

    Device independent quantum key distribution aims to provide a higher degree of security than traditional QKD schemes by reducing the number of assumptions that need to be made about the physical devices used. The previous proof of security by Pironio et al. applies only to collective attacks where the state is identical and independent and the measurement devices operate identically for each trial in the protocol. We extend this result to a more general class of attacks where the state is arbitrary and the measurement devices have no memory. We accomplish this by a reduction of arbitrary adversary strategies to qubit strategies and a proof of security for qubit strategies based on the previous proof by Pironio et al. and techniques adapted from Renner. Comment: 13 pages. Expanded main proofs with more detail, miscellaneous edits for clarity.

    Trojan-horse attacks threaten the security of practical quantum cryptography

    A quantum key distribution system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bob's secret basis choice, and thus the raw key bit in the Scarani-Acín-Ribordy-Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately, in Clavis2 Eve's bright pulses have a side effect of causing a high level of afterpulsing in Bob's single-photon detectors, resulting in a high quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less-noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks. Comment: 22 pages including appendix and references, 6+2 figures.